- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 24 May 2004.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 2-4, 6, 8-10, 12, 14-16 and 18-22 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 2-4, 6, 8-10, 12, 14-16, 18-22 is/are rejected.
7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a)n All b)n Some * c)^ None of: 

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION

1. This action is in reply to applicant's correspondence of 24 May 2004.

2. Claims 2-4,6,8-10,12,14-16,18-22 are pending for examination. 

3. Claims 2-4,6,8-10,12,14-16,18-22 are rejected. 

4. In view of the appeal brief filed on 5/24/2004, PROSECUTION IS HEREBY 
REOPENED. New grounds of rejection are set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37
CFR 1.113 (if this Office action is final); or,

(2) request reinstatement of the appeal.

If reinstatement of the appeal is requested, such request must be accompanied by a
supplemental appeal brief, but no new amendments, affidavits (37 CFR 1.130, 1.131 or 1.132) or
other evidence are permitted. See 37 CFR 1.193(b)(2).

5. As per the issue of common ownership "at the time the invention was made, subject an 
obligation. . . [see paper 6, paragraph VI.]", the examiner directs the applicant's attention to the 
following section in the MPEP; 

706.02(l)(2)

II. EVIDENCE REQUIRED TO ESTABLISH COMMON OWNERSHIP

It is important to recognize just what constitutes sufficient evidence to establish common
ownership at the time the invention was made. The common ownership must be shown to
exist at the time the later invention was made. A statement of present common ownership
is not sufficient. In re Onda, 229 USPQ 235 (Comm'r Pat. 1985).

The following statement is sufficient evidence to establish common ownership of, or an
obligation for assignment to, the same person(s) or organization(s):

Applications and references (whether patents, patent applications, patent application
publications, etc.) will be considered by the examiner to be owned by, or subject to an
obligation of assignment to the same person, at the time the invention was made, if the
applicant(s) or an attorney or agent of record makes a statement to the effect that the
application and the reference were, at the time the invention was made, owned by, or
subject to an obligation of assignment to, the same person. See "Guidelines Setting Forth
a Modified Policy Concerning the Evidence of Common Ownership, or an Obligation of
Assignment to the Same Person, as Required by 35 U.S.C. 103(c)," 1241 O.G. 96
(December 26, 2000). The applicant(s) or the representative(s) of record have the best
knowledge of the ownership of their application(s) and reference(s), and their statement
of such is sufficient evidence because of their paramount obligation of candor and good
faith to the USPTO.

The statement concerning common ownership should be clear and conspicuous (e.g., on 
a separate piece of paper or in a separately labeled section) in order to ensure that the 
examiner quickly notices the statement. Applicants may, but are not required to, submit 
further evidence, such as assignment records, affidavits or declarations by the common 
owner, or court decisions, in addition to the above-mentioned statement concerning 
common ownership. 

For example, an attorney or agent of record receives an Office action for Application X 
in which all the claims are rejected under 35 U.S.C. 103(a) using Patent A in view of 
Patent B wherein Patent A is only available as prior art under 35 U.S.C. 102(e), (f), 
and/or (g). In her response to the Office action, the attorney or agent of record for 
Application X states, in a clear and conspicuous manner, that: 

"Application X and Patent A were, at the time the invention of Application X was made,
owned by Company Z." This statement alone is sufficient evidence to disqualify Patent A 
from being used in a rejection under 35 U.S.C. 103(a) against the claims of Application 
X. 

Whereas the requirement for "The statement concerning common ownership should
be clear and conspicuous (e.g., on a separate piece of paper or in a separately labeled 
section) in order to ensure that the examiner quickly notices the statement" is clearly not 
met. 



Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 
6. Claims 2-4,6,8-10,12,14-16,18-22 are rejected under 35 U.S.C. 112, second paragraph, as
being incomplete for omitting essential elements, such omission amounting to a gap between the
elements. See MPEP § 2172.01. The omitted elements are: "using said embedded radio
modules" as the return communications path; (claim 2,8,14, and claims 3,4,19,9,10,20,15,16,21
by dependence) "returning from said first device, a unique device identifier of said first device,
to said server", (claim 6,12,18, and claim 22 by dependence) "returning from said first device a
unique device identifier and said public key of said first device to said server", "transmitting said
device certificate and a public key of a Certificate Authority which signed said device certificate
to said first device".

Claims 2-4,6,8-10,12,14-16,18-22 are rejected under 35 U.S.C. 112, second paragraph, as 
being incomplete for omitting essential structural cooperative relationships of elements, such 
omission amounting to a gap between the necessary structural connections. See MPEP 
§ 2172.01. The omitted structural cooperative relationships are: "wherein said protected storage 
is write-only storage able to perform computations involving previously-written data" (claims 
2,6,8,12,14,18 and claims 3,4,19,9,10,20,15,16,21,22 by dependence), whereas the use of "write- 
only storage" that although it is recited in the claim as storage (protected), at the same time it is 
expected to be "able to perform computations". This is clearly an inconsistency in either the art 
per se, or is an implementation omission. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

7. Claims 2-3,8-9,14-15,19-21 are rejected under 35 U.S.C. 102(b) as being anticipated by
Debry, U.S. Patent 6,314,521 B1.

8. As per claim 2; "A method for initializing [see Debry, col. 6, lines 4-7] a first device
distributed with an embedded radio module using a server, said server having an embedded radio
[col. 6, lines 16-17, col. 7, lines 20-24] module, said method comprising the steps of: sending an
inquiry [col. 6, lines 33-35, the inquiry as part of the establishment of the HTTP session (i.e.,
SSL mutual authentication handshaking), whereas it is inherent that the HTTP session
establishment protocol is bi-directional (i.e., SSL cryptographic parameter/key setup during
secure communications setup)] from said server to said first device using said embedded radio
modules; returning [col. 6, lines 36-43], from said first device, a unique device identifier [col. 6,
lines 19-27,40-41, col. 8, lines 17-25] of said first device, to said server; creating, at said server,
a public key, private key pair [col. 6, lines 56-60] for said first device; creating, at said server, a
device certificate [col. 6, lines 12-18, col. 9, lines 15-23] for said first device, said device
certificate having a unique hardware identifier associated with said first device and a public key
associated with said first device; transmitting [col. 6, lines 52-64] said private key, and said
device certificate [col. 7, lines 25-26], and a public key of a Certificate Authority [col. 6, lines
10-11, col. 8, lines 26-28, 38-44] which signed said device certificate, to said first device; and,
storing said private key in non-removable protected storage [col. 6, lines 28-32, 66-67] at said
first device; wherein said protected storage is write-only storage able to perform computations
involving previously-written data [col. 6, lines 66-67].";
And further as per claim 8; "A system [This claim is the apparatus of the method claim
2, and is rejected for the same reasons provided for the claim 2 rejection above] for initializing a 
first device distributed with an embedded radio module using a server, said server having an 
embedded radio module, said system comprising: a communications mechanism for sending an 
inquiry from said server to said first device using said embedded radio modules, and returning, 
from said first device, a unique device identifier of said first device, to said server; a processor at 
said server for creating a public key, private key pair for said first device; a device certificate, 
created at said server, for said first device, said device certificate having a unique hardware 
identifier associated with said first device and a public key associated with said first device; 
wherein said communications mechanism transmits said private key, and said device certificate, 
and a public key of a Certificate Authority which signed said device certificate, to said first 
device; and, said processor stores said private key in non-removable protected storage at said 
first device; wherein said protected storage is write-only storage able to perform computations 
involving previously-written data."; 

And further as per claim 14; "A computer program product embodied in a machine 
readable medium [This claim is the software embodiment of the method claim 1, and is rejected 
for the same reasons provided for the claim 1 rejection above] for initializing a first device 
distributed with an embedded radio module using a server, said server having an embedded radio 
module, wherein said computer program product comprises the programming steps of: sending 
an inquiry from said server to said first device using said embedded radio modules; returning, 
from said first device, a unique device identifier of said first device, to said server; creating, at 
said server, a public key, private key pair for said first device; creating, at said server, a device 
certificate for said first device, said device certificate having a unique hardware identifier
associated with said first device and a public key associated with said first device; transmitting
said private key, and said device certificate, and a public key of a Certificate Authority which
signed said device certificate, to said first device; and, storing said private key in non-removable
protected storage at said first device; wherein said protected storage is write-only storage able to
perform computations involving previously-written data.";

9. Claim 3 additionally recites the limitations that "... wherein a copy of said certificate is
stored in an enterprise database". The teachings of Debry (col. 6, lines 24-26, 61-64) suggest
such limitations (i.e., IBM Corp. wide database is clearly an enterprise database);

And further, claim 9 additionally recites the limitations that "... wherein a copy of said
certificate is stored in an enterprise database. " [This claim is the apparatus of the method claim 
3, and is rejected for the same reasons provided for the claim 3 rejection above]; 

And further, claim 15 additionally recites the limitations that "... wherein a copy of said 
certificate is stored in an enterprise database. " [This claim is the software embodiment of the 
method claim 3, and is rejected for the same reasons provided for the claim 3 rejection above]. 

10. Claim 19 additionally recites the limitations that "... wherein communications between 
said first device and said server is performed in a wireless manner."; The teachings of Debry 
(col. 6, lines 16-17, and col. 7, lines 20-24, whereas it is inherent that the cell phone (and inherent
accompanying base station component) clearly is a wireless communications technology in a 
client server architecture environment) suggest such limitations; 

And further, claim 20 additionally recites the limitations that "... wherein 
communications between said first device and said server is performed in a wireless manner." 
[This claim is the apparatus of the method claim 19, and is rejected for the same reasons
provided for the claim 19 rejection above]; 

And further, claim 21 additionally recites the limitations that "... wherein 
communications between said first device and said server is performed in a wireless manner." 
[This claim is the software embodiment of the method claim 19, and is rejected for the same 
reasons provided for the claim 19 rejection above]. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

11. Claims 4,10,16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Debry, U.S.
Patent 6,314,521 B1 as applied to claims 2,8,12 respectively, above, and further in view of
Netscape ("Netscape") Communications Corp., "Netscape Certificate Server FAQ", 1997.

As per claim 4 ; "A method as claimed in claim 2 wherein a copy of said certificate is 
stored in an LDAP directory." . 

Debry teaches of the certificate based initialization / authentication of a first device 
associated with a network server / certificate authority in an enterprise (i.e., IBM) environment. 

Debry fails to teach of the certificate storage being in an LDAP directory. 

Netscape teaches of using the Netscape Certificate Server v1.0 for managing (clearly
including storage) PKI based digital certificates in an enterprise-wide security infrastructure
scaled to the internet, using open standards including LDAP directory support (2nd section, 1st
and 3rd bullets).

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to have been motivated to combine the Debry certificate based initialization / 
authentication of a first device associated with a network server / certificate authority in an 
enterprise environment invention with the Netscape Certificate Server v1.0 for managing PKI
based digital certificates in an enterprise-wide security infrastructure, using LDAP directory 
support to allow for the Open Standards support for PKI based security (i.e., SSL, X.509 
directory services, etc.) that is required in such large networks such as the internet (Netscape, 
entire document). 

And further, claim 10 additionally recites the limitations that "A system as claimed in 
claim 8 wherein a copy of said certificate is stored in an LDAP directory." [This claim is the 
apparatus of the method claim 4, and is rejected for the same reasons provided for the claim 4 
rejection above]; 

And further, claim 16 additionally recites the limitations that "The computer program 
product as claimed in claim 14 wherein a copy of said certificate is stored in an LDAP 
directory." [This claim is the software embodiment of the method claim 4, and is rejected for the 
same reasons provided for the claim 4 rejection above]; 

Application/Control Number: 09/316,804
Art Unit: 2136

Allowable Subject Matter
12. As per claim 6; "A method for initializing [see Debry, col. 6, lines 4-7] a first device
distributed with an embedded radio [col. 6, lines 16-17, col. 7, lines 20-24] module using a
server, said server having an embedded radio module, said method comprising the steps of:
sending an inquiry [col. 6, lines 33-35, the inquiry as part of the establishment of the HTTP 
session (i.e., SSL mutual authentication handshaking)] from said server to said first device using 
said embedded radio modules; creating at said first device, a public key, private key pair for said 
first device; storing, at said first device, said private key in non-removable protected storage; 
returning from said first device, a unique device identifier and said public key of said first 
device, to said server; creating, at said server, a device certificate for said first device, said device 
certificate having said device identifier and said public key; and transmitting said device 
certificate and a public key of a Certificate Authority which signed said device certificate to said
first device; wherein said protected storage is write-only storage able to perform computations
involving previously-written data."; 

And further as per claim 12 ; "An initialization system [This claim is the apparatus of the 
method claim 6, and is allowed for the same reasons provided for claim 6 above], said system 
comprising: a first device, said first device having an embedded radio module; a server, said 
server having an embedded radio module; a communications mechanism, said communications 
mechanism sending an inquiry from said server to said first device using said embedded radio 
modules; wherein said first device creates a public key, private key pair for said first device, 
stores said private key in non-removable protected storage, and returns a unique device identifier 
and said public key of said first device, to said server; said server creates a device certificate for 
said first device, said device certificate having said device identifier and said public key; and 
transmits said device certificate and a public key of a Certificate Authority which signed said 
device certificate to said first device; wherein said protected storage is write-only storage able to
perform computations involving previously-written data."; 

And further as per claim 18 ; "A computer program product embodied in a machine 
readable medium [This claim is the software embodiment of the method claim 6, and is allowed 
for the same reasons provided for claim 6 above] for initializing a first device distributed with an 
embedded radio module using a server, said server having an embedded radio module, wherein 
said computer program product comprises the programming steps of sending an inquiry from 
said server to said first device using said embedded radio modules; creating, at said first device, a 
public key, private key pair for said first device; storing, at said first device, said private key in 
non-removable protected storage; returning, from said first device, a unique device identifier and 
said public key of said first device, to said server; creating, at said server, a device certificate for 
said first device, said device certificate having said device identifier and said public key; and 
transmitting said device certificate and a public key of a Certificate Authority which signed said 
device certificate to said first device; wherein said protected storage is write-only storage able to 
perform computations involving previously-written data."; 

And further as per claim 22 additionally reciting the limitations that "... wherein 
communications between said first device and said server is performed in a wireless manner."; 
13. Claims 6,12,18,22 are allowed over prior art insofar as the "creating at said first device
[i.e., client side], a public key, private key pair for said first device", versus the creation of the 
key pair at the "server" side is not taught or suggested in the prior art of record (nor in 
combination with additional art thereof). 






Conclusion 



14. Any inquiry concerning this communication or earlier communications from examiner
should be directed to Ronald Baum, whose telephone number is (703) 305-4276. The examiner
can normally be reached Monday through Friday from 8:00 AM to 5:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The Fax number for the organization
where this application is assigned is 703-872-9306.

Ronald Baum
Patent Examiner

AYAZ SHEIKH
SUPERVISORY PATENT EXAMINER
TECHNOLOGY CENTER 2100
